Oval Definition:oval:org.mitre.oval:def:214
Revision Date:2011-03-21Version:10
Title:Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
Description:The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-5559
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Windows 2000 SP4 with Microsoft Data Access Components 2.5 SP3
  • Microsoft Windows 2000 SP4 or later is installed
  • AND Microsoft Data Access Components 2.5 (SP3) is installed
  • AND the version of msadco.dll is less than 2.53.6307.0
  • OR Windows 2000 SP4 with Microsoft Data Access Components 2.7 SP1
  • Microsoft Windows 2000 SP4 or later is installed
  • AND Microsoft Data Access Components 2.7 (SP1) is installed
  • AND the version of msadco.dll is less than 2.71.9054.0
  • OR Windows 2000 SP4 with Microsoft Data Access Components 2.8
  • Microsoft Windows 2000 SP4 or later is installed
  • AND Microsoft Data Access Components 2.8 (RTM) is installed
  • AND the version of msadco.dll is less than 2.80.1064.0
  • OR Windows 2000 SP4 with Microsoft Data Access Components 2.8 SP1
  • Microsoft Windows 2000 SP4 or later is installed
  • AND Microsoft Data Access Components 2.8 (SP1) is installed
  • AND the version of msadco.dll is less than 2.81.1128.0
  • OR Windows XP SP2 with Microsoft Data Access Components 2.8 SP1
  • Microsoft Windows XP SP2 or later is installed
  • AND Microsoft Data Access Components 2.8 (SP1) is installed
  • AND Msado15.dll version is less than 2.81.1128.0
  • OR Windows Server 2003 with Microsoft Data Access Components 2.8
  • Microsoft Windows Server 2003 (x86) Gold is installed
  • AND Microsoft Data Access Components 2.8 (RTM) is installed
  • AND the version of msado15.dll is less than 2.80.1064.0
    • BACK